FlowDroid icon indicating copy to clipboard operation
FlowDroid copied to clipboard
verified publisher icon secure-software-engineering

How to included "unreachable" methods that are actually reachable in the call graph?

Open RichardHoOoOo opened this issue 3 years ago • 0 comments

Hi @StevenArzt

I know that FlowDroid removes methods that are unreachable from an entry point when building the call graph (with SPARK). But there are cases in which "unreachable" methods are actually reachable. For example, lifecycle callbacks in a fragment added as a child fragment are not modeled in the call graph (Probably because getChildFragmentManager is not considered in the following line).

https://github.com/secure-software-engineering/FlowDroid/blob/c21f991a30625fe4e23eab1cf37dc342d3ca9f81/soot-infoflow-android/src/soot/jimple/infoflow/android/callbacks/AbstractCallbackAnalyzer.java#L503

Using CHA seems to work but it makes other analysis (e.g., pointer analysis) not working.

I want to ask are there any ways that we can manually specify entry points when using FlowDroid? If not, can you give some suggestions on which part of FlowDroid's source code should I modify if I want to implement this feature?

RichardHoOoOo avatar Aug 04 '22 07:08 RichardHoOoOo